Hackers seek to disrupt electric grid through 'smart' devices

Published 4:10 pm, Saturday, March 15, 2014

Photo: Mark A. Duncan, Associated Press

FILE- In this Wednesday, Sept. 10, 2003, file photo, the setting sun silhouettes electric transmission lines crossing Berea, Ohio. Americans are paying more to maintain the nation's electrical grid than a decade ago, but they appear to be getting little for their money from utility services that are no more reliable and in some cases seem to be getting worse. An Associated Press analysis of utility spending and reliability nationwide found that electric customers are spending 43 percent more than they did in 2002 to build and maintain local electric infrastructure. Since then, power outages have remained infrequent; but when the lights do go out, it now takes longer to get them back on. (AP Photo/Mark Duncan)

The grid is under attack.

Every day, hackers ranging from high school kids to Iranian Revolutionary Guards search for ways to control or disrupt the flow of power in the United States or steal consumer information, according to regulators and security experts. And even as utilities boost cyberdefenses, the hackers seem to be targeting the ever-growing number of devices and computer systems linked to the grid.

Government regulators have recently focused on the physical security of the grid, following a possible terrorist attack last year on a Pacific Gas and Electric Co. substation in San Jose. Unknown assailants striking at night cut telephone lines to the Metcalf substation, then knocked out 17 transformers with precise gunfire before fleeing.

The threat has grown more difficult to fight over time. Efforts to make the electrical grid "smarter" by using sensors, automation and communications technology have created new potential pathways for hackers to explore, experts say. Those pathways range from the 476,000 miles of high-voltage transmission lines spanning the country to the millions of digital smart meters now installed in American homes.

Relentless hackers

"There are some very good hackers out there, and they're not going to take 'no' for an answer," said Andy Saunders, managing consultant for the IOActive smart grid security firm. "They're going to keep throwing things at these devices and systems."

Solid information on grid cyberattacks is difficult to find since utilities rarely discuss the subject in public.

"Like most in our industry, there's very little we can share publicly on the topic of cybersecurity," said PG&E spokeswoman Jody Fox. "We have a responsibility to our customers and to the public at large to keep confidential any specific information about our cybersecurity measures that could be used by malicious actors looking to gain access to our systems."

IOActive warned in 2009 that smart meters were vulnerable to a computer worm attack that could cut off electricity to whole communities. The industry has since started using encryption technology and boosted spending on security.

"Doing all that has removed some of the vulnerabilities, but what that doesn't do is remove the threat," Saunders said.

The situation is complicated by the hodgepodge nature of the grid. Smart meters built this year co-exist on the same network with power-plant gear installed decades ago, pieces of which may predate the Internet. And the computer systems that control all those disparate pieces of equipment have changed over the years.

"Fifty years ago, cybersecurity was not high on the priority list," said Annabelle Lee, senior technical executive at the Electric Power Research Institute, a research organization that serves utilities. "You still have a large amount of that legacy equipment that's going to be out there for a long time."

The federal government has long worried about the potential devastation a cyberattack could wreak, both for individual companies and the entire country.

In 2007, government researchers staged an experimental cyberattack, dubbed "Aurora," on an electric generator within a U.S. Department of Energy lab in Idaho, causing the generator to self-destruct. The Department of Homeland Security then worked with energy companies on ways to thwart a real attack.

Working group

The utility industry and several federal agencies have formed a working group of top-level executives and government officials who meet regularly on the subject.

Utilities are also deploying a government-funded system called the Cybersecurity Risk Information Sharing Program, which monitors their networks for signs of hacker activity, using both unclassified and classified information to identify potential threats. Details of new malware can be shared among government agencies and utilities almost immediately, said Scott Aaronson, senior director for national security policy at the Edison Electric Institute, a utility trade association.

And in November, more than 230 companies and government offices participated in a two-day simulation of a coordinated physical and cyberattack on the nation's electric grid, in an exercise known as GridEx II. The simulation included denial-of-service attacks on company networks and assaults on substations.

"It's an evolving threat, and we need a constantly evolving response," Aaronson said.

Respond and recover

However, eliminating the threat is an impossible task, he said. Instead, the utilities must constantly find ways to prevent attacks and respond and recover quickly from a breach.

"You can't protect everything from everything," he said.

So far, several experts said, no blackout in the United States has been definitively pinned on a cyberattack. A National Journal article in 2008 argued that hackers in China may have caused a 2008 outage in Florida and played a role in the 2003 blackout that cut power to 55 million people in the northeastern United States and Canada.